diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index 373ece8..5704a18 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -11,30 +11,28 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: [7.4, 7.3, 7.2.15]
-        laravel: [7.*, 6.*]
+        php: [8.0, 7.4]
+        laravel: [8.*]
         dependency-version: [prefer-lowest, prefer-stable]
         include:
-          - laravel: 7.*
-            testbench: 5.*
-          - laravel: 6.*
-            testbench: ^4.1
+          - laravel: 8.*
+            testbench: 6.*
 
     name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }} - ${{ matrix.dependency-version }}
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v1
+      uses: actions/checkout@v2
 
     - name: Setup PHP
-      uses: shivammathur/setup-php@v1
+      uses: shivammathur/setup-php@v2
       with:
         php-version: ${{ matrix.php }}
         extensions: mbstring, intl
         coverage: xdebug
 
     - name: Cache dependencies
-      uses: actions/cache@v1
+      uses: actions/cache@v2
       with:
         path: ~/.composer/cache/files
         key: ${{ runner.os }}-laravel-${{ matrix.laravel }}-php-${{ matrix.php }}-composer-${{ hashFiles('composer.json') }}
@@ -54,5 +52,5 @@ jobs:
         COVERALLS_SERVICE_NAME: github
       run: |
         rm -rf composer.* vendor/
-        composer require cedx/coveralls
-        vendor/bin/coveralls build/logs/clover.xml
+        composer require php-coveralls/php-coveralls
+        vendor/bin/php-coveralls
diff --git a/README.md b/README.md
index b0345c9..e683df4 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,7 @@
-![Zachary Lisko - Unsplash (UL) #JEBeXUHm1c4](https://images.unsplash.com/flagged/photo-1570343271132-8949dd284a04?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=1280&h=400&q=80)
+<p align="center">
+  <img src="laraguardlogo.png">
+</p>
+
 
 # Laraguard
 
@@ -7,14 +10,16 @@
  ![](https://github.com/DarkGhostHunter/Laraguard/workflows/PHP%20Composer/badge.svg)
 [![Coverage Status](https://coveralls.io/repos/github/DarkGhostHunter/Laraguard/badge.svg?branch=master)](https://coveralls.io/github/DarkGhostHunter/Laraguard?branch=master)
 
-Two Factor Authentication via TOTP for all your Users out-of-the-box.
+Two Factor Authentication via TOTP for all your users out-of-the-box.
 
 This package _silently_ enables authentication using 6 digits codes, without Internet or external providers.
 
 ## Requirements
 
-* Laravel [6.15](https://blog.laravel.com/laravel-v6-15-0-released) or Laravel 7.
-* PHP 7.2+
+* Laravel 8.x
+* PHP 7.4 or PHP 8.0
+
+> For older versions support, consider helping by sponsoring or donating.
 
 ## Table of Contents
 
@@ -55,22 +60,21 @@ That's it.
 
 ### How this works
 
-This packages adds a **Contract** to detect in a **per-user basis** if it should use Two Factor Authentication. It includes a custom **view** and a **listener** to handle the Two Factor authentication itself during login attempts.
+This package adds a **Contract** to detect in a **per-user basis** if, after the credentials are deemed valid, should use Two Factor Authentication as a second layer of authentication.
+
+It includes a custom **view** and a **listener** to handle the Two Factor authentication itself during login attempts.
 
 This package was made to be the less invasive possible, but you can go full manual if you want.
 
 ## Usage
 
-First, create the `two_factor_authentications` table by running the migration:
+First, create the `two_factor_authentications` table by publishing the migration and migrating:
 
+    php artisan vendor:publish --provider="DarkGhostHunter\Laraguard\LaraguardServiceProvider" --tag="migrations"
     php artisan migrate
 
 This will create a table to handle the Two Factor Authentication information for each model you want to attach to 2FA.
 
-> If you need to modify the migration from this package, you can publish it to override whatever you need.
->
->     php artisan vendor:publish --provider="DarkGhostHunter\Laraguard\LaraguardServiceProvider" --tag="migrations"
-
 Add the `TwoFactorAuthenticatable` _contract_ and the `TwoFactorAuthentication` trait to the User model, or any other model you want to make Two Factor Authentication available. 
 
 ```php
diff --git a/composer.json b/composer.json
index bdcb611..c3b1d41 100644
--- a/composer.json
+++ b/composer.json
@@ -21,21 +21,24 @@
         }
     ],
     "require": {
-        "php": "^7.2.15",
+        "php": "^7.4||^8.0",
         "ext-json": "*",
         "bacon/bacon-qr-code": "^2.0",
-        "paragonie/constant_time_encoding": "^2.0",
-        "illuminate/support": "^6.15||^7.0",
-        "illuminate/auth": "^6.15||^7.0"
+        "paragonie/constant_time_encoding": "^2.4",
+        "illuminate/support": "^8.0",
+        "illuminate/http": "^8.20",
+        "illuminate/auth": "^8.0"
     },
     "require-dev": {
-        "orchestra/testbench": "^4.0||^5.0",
-        "orchestra/canvas": "^4.0||^5.0",
-        "phpunit/phpunit": "^8.0"
+        "orchestra/testbench": "^6.0",
+        "orchestra/canvas": "^6.0",
+        "mockery/mockery":"^1.4",
+        "phpunit/phpunit": "^9.3"
     },
     "autoload": {
         "psr-4": {
-            "DarkGhostHunter\\Laraguard\\": "src"
+            "DarkGhostHunter\\Laraguard\\": "src",
+            "Database\\Factories\\DarkGhostHunter\\Laraguard\\Eloquent\\": "database/factories"
         }
     },
     "autoload-dev": {
@@ -44,7 +47,7 @@
         }
     },
     "scripts": {
-        "test": "vendor/bin/phpunit",
+        "test": "vendor/bin/phpunit --coverage-clover build/logs/clover.xml",
         "test-coverage": "vendor/bin/phpunit --coverage-html coverage"
 
     },
diff --git a/config/laraguard.php b/config/laraguard.php
index d855747..6cb632e 100644
--- a/config/laraguard.php
+++ b/config/laraguard.php
@@ -79,9 +79,9 @@
     | Safe Devices
     |--------------------------------------------------------------------------
     |
-    | Authenticating with Two Factor Codes can become very obnoxious if you do
-    | it every time, so for this reasons the Safe Devices can be enabled. It
-    | remembers the device with an long-lived cookie to bypass Two Factor.
+    | Authenticating with Two Factor Codes can become very obnoxious when the
+    | user does it every time. To "remember" a device where a 2FA code was
+    | validated to not ask again you can enable Safe Device to save it.
     |
     */
 
diff --git a/database/factories/TwoFactorAuthenticationFactory.php b/database/factories/TwoFactorAuthenticationFactory.php
index 2c0fe1b..d2a735b 100644
--- a/database/factories/TwoFactorAuthenticationFactory.php
+++ b/database/factories/TwoFactorAuthenticationFactory.php
@@ -1,61 +1,102 @@
 <?php
-/** @var \Illuminate\Database\Eloquent\Factory $factory */
+
+namespace Database\Factories\DarkGhostHunter\Laraguard\Eloquent;
 
 use Faker\Generator as Faker;
+use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Collection;
 use DarkGhostHunter\Laraguard\Eloquent\TwoFactorAuthentication;
 
-$factory->define(TwoFactorAuthentication::class, function (Faker $faker) {
+class TwoFactorAuthenticationFactory extends Factory {
+    /**
+     * The name of the factory's corresponding model.
+     *
+     * @var string
+     */
+    protected $model = TwoFactorAuthentication::class;
+
+    /**
+     * Define the model's default state.
+     *
+     * @return array
+     */
+    public function definition()
+    {
+        $config = config('laraguard');
 
-    $config = config('laraguard');
+        $array = array_merge([
+            'shared_secret' => TwoFactorAuthentication::generateRandomSecret(),
+            'enabled_at'    => $this->faker->dateTimeBetween('-1 year'),
+            'label'         => $this->faker->freeEmail,
+        ], $config['totp']);
 
-    $array = array_merge([
-        'shared_secret' => TwoFactorAuthentication::generateRandomSecret(),
-        'enabled_at'    => $faker->dateTimeBetween('-1 year'),
-        'label'         => $faker->freeEmail,
-    ], $config['totp']);
+        [$enabled, $amount, $length] = array_values($config['recovery']);
 
-    [$enabled, $amount, $length] = array_values($config['recovery']);
+        if ($enabled) {
+            $array['recovery_codes'] = TwoFactorAuthentication::generateRecoveryCodes($amount, $length);
+            $array['recovery_codes_generated_at'] = $this->faker->dateTimeBetween('-1 years');
+        }
 
-    if ($enabled) {
-        $array['recovery_codes'] = TwoFactorAuthentication::generateRecoveryCodes($amount, $length);
-        $array['recovery_codes_generated_at'] = $faker->dateTimeBetween('-1 years');
+        return $array;
     }
 
-    return $array;
-});
+    /**
+     * Returns a model with unused recovery codes.
+     *
+     * @return TwoFactorAuthenticationFactory
+     */
+    public function withRecovery()
+    {
+        return $this->state(function(array $attributes) {
+            [$enabled, $amount, $length] = array_values(config('laraguard.recovery'));
 
-$factory->state(TwoFactorAuthentication::class, 'with recovery', function (Faker $faker) {
-    [$enabled, $amount, $length] = array_values(config('laraguard.recovery'));
-    return [
-        'recovery_codes'              => TwoFactorAuthentication::generateRecoveryCodes($amount, $length),
-        'recovery_codes_generated_at' => $faker->dateTimeBetween('-1 years'),
-    ];
-});
+            return [
+                'recovery_codes'              => TwoFactorAuthentication::generateRecoveryCodes($amount, $length),
+                'recovery_codes_generated_at' => $this->faker->dateTimeBetween('-1 years'),
+            ];
+        });
+    }
 
-// This state will create a full set of safe devices, but it will leave the last as purposefully expired.
-$factory->state(TwoFactorAuthentication::class, 'with safe devices', function (Faker $faker) {
+    /**
+     * Returns an authentication with a list of safe devices.
+     *
+     * @return TwoFactorAuthenticationFactory
+     */
+    public function withSafeDevices()
+    {
+        return $this->state(function (array $attributes) {
+            $max = config('laraguard.safe_devices.max_devices');
 
-    $max = config('laraguard.safe_devices.max_devices');
+            return [
+                'safe_devices' => Collection::times($max, function ($step) use ($max) {
 
-    return [
-        'safe_devices' => Collection::times($max, function ($step) use ($faker, $max) {
+                    $expiration_days = config('laraguard.safe_devices.expiration_days');
 
-            $expiration_days = config('laraguard.safe_devices.expiration_days');
+                    $added_at = $max !== $step
+                        ? now()
+                        : $this->faker->dateTimeBetween(now()->subDays($expiration_days * 2), now()->subDays($expiration_days));
 
-            $added_at = $max !== $step
-                ? now()
-                : $faker->dateTimeBetween(now()->subDays($expiration_days * 2), now()->subDays($expiration_days));
+                    return [
+                        '2fa_remember' => TwoFactorAuthentication::generateDefaultTwoFactorRemember(),
+                        'ip'           => $this->faker->ipv4,
+                        'added_at'     => $added_at,
+                    ];
+                }),
+            ];
+        });
+    }
 
+    /**
+     * Returns an enabled authentication.
+     *
+     * @return TwoFactorAuthenticationFactory
+     */
+    public function enabled()
+    {
+        return $this->state(function (array $attributes) {
             return [
-                '2fa_remember' => TwoFactorAuthentication::generateDefaultTwoFactorRemember(),
-                'ip'           => $faker->ipv4,
-                'added_at'     => $added_at,
+                'enabled_at' => null
             ];
-        }),
-    ];
-});
-
-$factory->state(TwoFactorAuthentication::class, 'disabled', [
-    'enabled_at' => null,
-]);
+        });
+    }
+}
diff --git a/database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php b/database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php
index 9fe33b3..369187e 100644
--- a/database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php
+++ b/database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php
@@ -16,7 +16,7 @@ public function up()
         Schema::create('two_factor_authentications', function (Blueprint $table) {
             $table->bigIncrements('id');
             $table->morphs('authenticatable', '2fa_auth_type_auth_id_index');
-            $table->binary('shared_secret');
+            $table->string('shared_secret');
             $table->timestampTz('enabled_at')->nullable();
             $table->string('label');
             $table->unsignedTinyInteger('digits')->default(6);
diff --git a/laraguardlogo.png b/laraguardlogo.png
new file mode 100644
index 0000000..ab2e4af
Binary files /dev/null and b/laraguardlogo.png differ
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
index 987fb11..a78e079 100644
--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -1,33 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit bootstrap="vendor/autoload.php"
-         backupGlobals="false"
-         backupStaticAttributes="false"
-         colors="true"
-         verbose="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false">
-    <testsuites>
-        <testsuite name="Test Suite">
-            <directory>tests</directory>
-        </testsuite>
-    </testsuites>
-    <filter>
-        <whitelist>
-            <directory suffix=".php">src/</directory>
-        </whitelist>
-    </filter>
-    <logging>
-        <log type="junit" target="build/report.junit.xml"/>
-        <log type="coverage-html" target="build/coverage"/>
-        <log type="coverage-text" target="build/coverage.txt"/>
-        <log type="coverage-clover" target="build/logs/clover.xml"/>
-    </logging>
-    <php>
-        <env name="APP_ENV" value="testing"/>
-        <env name="APP_KEY" value="AckfSECXIvnK5r28GVIWUAxmbBSjTsmF"/>
-        <env name="DB_CONNECTION" value="testing"/>
-    </php>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/autoload.php" backupGlobals="false" backupStaticAttributes="false" colors="true" verbose="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+  <coverage>
+    <include>
+      <directory suffix=".php">src/</directory>
+    </include>
+    <report>
+      <clover outputFile="build/logs/clover.xml"/>
+      <html outputDirectory="build/coverage"/>
+      <text outputFile="build/coverage.txt"/>
+    </report>
+  </coverage>
+  <testsuites>
+    <testsuite name="Test Suite">
+      <directory>tests</directory>
+    </testsuite>
+  </testsuites>
+  <logging>
+    <junit outputFile="build/report.junit.xml"/>
+  </logging>
+  <php>
+    <env name="APP_ENV" value="testing"/>
+    <env name="APP_KEY" value="AckfSECXIvnK5r28GVIWUAxmbBSjTsmF"/>
+    <env name="DB_CONNECTION" value="testing"/>
+  </php>
 </phpunit>
diff --git a/resources/views/auth.blade.php b/resources/views/auth.blade.php
index 3b1c467..4ffe140 100644
--- a/resources/views/auth.blade.php
+++ b/resources/views/auth.blade.php
@@ -24,6 +24,13 @@ class="@if($error) is-invalid @endif form-control form-control-lg"
                 @endif
             </div>
             <div class="w-100"></div>
+            <div class="col-sm-8 col-8 mb-3">
+                <div class="custom-control custom-checkbox">
+                    <input type="checkbox" class="custom-control-input" id="safe_device">
+                    <label class="custom-control-label" for="safe_device">Don't ask for codes in this device.</label>
+                </div>
+            </div>
+            <div class="w-100"></div>
             <div class="col-auto mb-3">
                 <button type="submit" class="btn btn-primary btn-lg">
                     {{ trans('laraguard::messages.confirm') }}
diff --git a/src/Eloquent/HandlesCodes.php b/src/Eloquent/HandlesCodes.php
index 752f5cc..8efffa6 100644
--- a/src/Eloquent/HandlesCodes.php
+++ b/src/Eloquent/HandlesCodes.php
@@ -4,6 +4,7 @@
 
 use DateTime;
 use Illuminate\Support\Carbon;
+use ParagonIE\ConstantTime\Base32;
 
 trait HandlesCodes
 {
@@ -141,7 +142,7 @@ protected function timestampToBinary(int $timestamp)
      */
     protected function getBinarySecret()
     {
-        return $this->attributes['shared_secret'];
+        return Base32::decodeUpper($this->attributes['shared_secret']);
     }
 
     /**
diff --git a/src/Eloquent/TwoFactorAuthentication.php b/src/Eloquent/TwoFactorAuthentication.php
index 59665ac..71ff8f6 100644
--- a/src/Eloquent/TwoFactorAuthentication.php
+++ b/src/Eloquent/TwoFactorAuthentication.php
@@ -2,6 +2,7 @@
 
 namespace DarkGhostHunter\Laraguard\Eloquent;
 
+use Illuminate\Database\Eloquent\Factories\HasFactory;
 use ParagonIE\ConstantTime\Base32;
 use Illuminate\Database\Eloquent\Model;
 use DarkGhostHunter\Laraguard\Contracts\TwoFactorTotp;
@@ -14,7 +15,6 @@
  * @property-read null|\DarkGhostHunter\Laraguard\Contracts\TwoFactorAuthenticatable $authenticatable
  *
  * @property string $shared_secret
- *
  * @property string $label
  * @property int $digits
  * @property int $seconds
@@ -35,6 +35,7 @@ class TwoFactorAuthentication extends Model implements TwoFactorTotp
     use HandlesRecoveryCodes;
     use HandlesSafeDevices;
     use SerializesSharedSecret;
+    use HasFactory;
 
     /**
      * The attributes that should be cast to native types.
@@ -70,26 +71,6 @@ public function authenticatable()
         return $this->morphTo('authenticatable');
     }
 
-    /**
-     * Gets the Shared Secret attribute from its binary form.
-     *
-     * @param $value
-     * @return null|string
-     */
-    protected function getSharedSecretAttribute($value)
-    {
-        return $value === null ? $value : Base32::encodeUpper($value);
-    }
-
-    /**
-     * Sets the Shared Secret attribute to its binary form.
-     *
-     * @param $value
-     */
-    protected function setSharedSecretAttribute($value)
-    {
-        $this->attributes['shared_secret'] = Base32::decodeUpper($value);
-    }
 
     /**
      * Sets the Algorithm to lowercase.
@@ -135,7 +116,7 @@ public function flushAuth()
 
         $this->attributes = array_merge($this->attributes, config('laraguard.totp'));
 
-        $this->setSharedSecretAttribute(static::generateRandomSecret());
+        $this->attributes['shared_secret'] = static::generateRandomSecret();
 
         return $this;
     }
diff --git a/src/Http/Controllers/Confirm2FACodeController.php b/src/Http/Controllers/Confirm2FACodeController.php
index 43e4c38..860a192 100644
--- a/src/Http/Controllers/Confirm2FACodeController.php
+++ b/src/Http/Controllers/Confirm2FACodeController.php
@@ -27,5 +27,6 @@ class Confirm2FACodeController extends Controller
     public function __construct()
     {
         $this->middleware(['auth']);
+        $this->middleware(['throttle:60,1'])->only('confirm');
     }
-}
\ No newline at end of file
+}
diff --git a/src/LaraguardServiceProvider.php b/src/LaraguardServiceProvider.php
index d819179..5585ef8 100644
--- a/src/LaraguardServiceProvider.php
+++ b/src/LaraguardServiceProvider.php
@@ -12,6 +12,13 @@
 
 class LaraguardServiceProvider extends ServiceProvider
 {
+    /**
+     * The path of the migration file.
+     *
+     * @var string
+     */
+    protected const MIGRATION_FILE = __DIR__ . '/../database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php';
+
     /**
      * Register the application services.
      *
@@ -34,7 +41,6 @@ public function register()
     public function boot(Repository $config, Router $router, Dispatcher $dispatcher, Factory $validator)
     {
         $this->loadViewsFrom(__DIR__ . '/../resources/views', 'laraguard');
-        $this->loadFactoriesFrom(__DIR__ . '/../database/factories');
         $this->loadTranslationsFrom(__DIR__ . '/../resources/lang', 'laraguard');
 
         $this->registerListener($config, $dispatcher);
@@ -136,7 +142,10 @@ protected function publishFiles()
         // copies for the same migration, which can throw errors when re-migrating.
         if (! class_exists('CreateTwoFactorAuthenticationsTable')) {
             $this->publishes([
-                __DIR__ . '/../database/migrations/2020_04_02_000000_create_two_factor_authentications_table.php' => database_path('migrations/' . now()->format('Y_m_d_His') . '_create_two_factor_authentications_table.php'),
+                self::MIGRATION_FILE =>
+                    database_path('migrations/' .
+                    now()->format('Y_m_d_His') .
+                    '_create_two_factor_authentications_table.php'),
             ], 'migrations');
         }
     }
diff --git a/src/Listeners/ChecksTwoFactorCode.php b/src/Listeners/ChecksTwoFactorCode.php
index 9a32f6b..80b163c 100644
--- a/src/Listeners/ChecksTwoFactorCode.php
+++ b/src/Listeners/ChecksTwoFactorCode.php
@@ -20,7 +20,8 @@ protected function shouldUseTwoFactorAuth($user = null)
 
         $shouldUse = $user->hasTwoFactorEnabled();
 
-        if ($this->config['laraguard.safe_devices.enabled']) {
+        // If safe devices is active, then it should be used if the current is not.
+        if ($this->isSafeDevicesEnabled()) {
             return $shouldUse && ! $user->isSafeDevice($this->request);
         }
 
@@ -28,14 +29,24 @@ protected function shouldUseTwoFactorAuth($user = null)
     }
 
     /**
-     * Returns if the Request is from a Safe Device.
+     * Checks if the app config has Safe Devices enabled.
      *
-     * @param  \DarkGhostHunter\Laraguard\Contracts\TwoFactorAuthenticatable  $user
      * @return bool
      */
-    protected function isSafeDevice(TwoFactorAuthenticatable $user)
+    protected function isSafeDevicesEnabled()
     {
-        return $this->config['laraguard.safe_devices.enabled'] && $user->isSafeDevice($this->request);
+        return $this->config['laraguard.safe_devices.enabled'];
+    }
+
+
+    /**
+     * Checks if the user wants to add this device as "safe".
+     *
+     * @return bool
+     */
+    protected function wantsAddSafeDevice()
+    {
+        return $this->request->filled('safe_device');
     }
 
     /**
@@ -45,31 +56,26 @@ protected function isSafeDevice(TwoFactorAuthenticatable $user)
      */
     protected function hasCode()
     {
-        return $this->request->has($this->input);
+        return $this->request->filled($this->input);
     }
 
     /**
-     * Checks if the Request has a Two Factor Code and is correct (even if is invalid).
+     * Checks if the Request has a Two Factor Code and is correct and valid.
      *
      * @param  \DarkGhostHunter\Laraguard\Contracts\TwoFactorAuthenticatable  $user
      * @return bool
      */
     protected function hasValidCode(TwoFactorAuthenticatable $user)
     {
-        return ! validator($this->request->only($this->input), [$this->input => 'alphanum'])->fails()
-            && $user->validateTwoFactorCode($this->request->input($this->input));
+        return $this->hasCorrectCode() && $user->validateTwoFactorCode($this->request->input($this->input));
     }
 
     /**
-     * Adds a safe device to Two Factor Authentication data.
+     * Checks if the Request has a Two Factor Code and is correct.
      *
-     * @param  \DarkGhostHunter\Laraguard\Contracts\TwoFactorAuthenticatable  $user
-     * @return void
+     * @return bool
      */
-    protected function addSafeDevice(TwoFactorAuthenticatable $user)
-    {
-        if ($this->config['laraguard.safe_devices.enabled']) {
-            $user->addSafeDevice($this->request);
-        }
+    protected function hasCorrectCode() {
+        return ! validator($this->request->only($this->input), [$this->input => 'alphanum'])->fails();
     }
 }
diff --git a/src/Listeners/EnforceTwoFactorAuth.php b/src/Listeners/EnforceTwoFactorAuth.php
index cb6a2c0..b5271b8 100644
--- a/src/Listeners/EnforceTwoFactorAuth.php
+++ b/src/Listeners/EnforceTwoFactorAuth.php
@@ -82,12 +82,22 @@ public function saveCredentials(Attempting $event)
     public function checkTwoFactor(Validated $event)
     {
         if ($this->shouldUseTwoFactorAuth($event->user)) {
+            // If the request doesn't have any code, just throw a response.
+            if (! $this->hasCode()) {
+                $this->throwResponse($event->user);
+            }
 
-            if ($this->isSafeDevice($event->user) || ($this->hasCode() && $invalid = $this->hasValidCode($event->user))) {
-                return $this->addSafeDevice($event->user);
+            // If the user has set an invalid code, throw him a response.
+            if (! $this->hasValidCode($event->user)) {
+                $this->throwResponse($event->user, true);
             }
 
-            $this->throwResponse($event->user, isset($invalid));
+            // The code is valid so we will need to check if the device should
+            // be registered as safe. For that, we will check if the config
+            // allows it, and there is a checkbox filled to opt-in this.
+            if ($this->isSafeDevicesEnabled() && $this->wantsAddSafeDevice()) {
+                $event->user->addSafeDevice($this->request);
+            }
         }
     }
 
@@ -97,11 +107,12 @@ public function checkTwoFactor(Validated $event)
      * @param  \DarkGhostHunter\Laraguard\Contracts\TwoFactorAuthenticatable  $user
      * @param  bool  $error
      * @return void
+     * @throws \Illuminate\Http\Exceptions\HttpResponseException
      */
     protected function throwResponse(TwoFactorAuthenticatable $user, bool $error = false)
     {
         $view = view('laraguard::auth', [
-            'action'      => request()->fullUrl(),
+            'action'      => $this->request->fullUrl(),
             'credentials' => $this->credentials,
             'user'        => $user,
             'error'       => $error,
@@ -109,6 +120,8 @@ protected function throwResponse(TwoFactorAuthenticatable $user, bool $error = f
             'input'       => $this->input
         ]);
 
-        return response($view, $error ? 422 : 403)->throwResponse();
+        response($view, $error ? 422 : 403, [
+            'Cache-Control' => 'no-cache, must-revalidate',
+        ])->throwResponse();
     }
 }
diff --git a/tests/CreatesTwoFactorUser.php b/tests/CreatesTwoFactorUser.php
index 4bbc459..6c62c38 100644
--- a/tests/CreatesTwoFactorUser.php
+++ b/tests/CreatesTwoFactorUser.php
@@ -19,7 +19,7 @@ protected function createTwoFactorUser()
         ]);
 
         $this->user->twoFactorAuth()->save(
-            factory(TwoFactorAuthentication::class)->make()
+            TwoFactorAuthentication::factory()->make()
         );
     }
 }
diff --git a/tests/Eloquent/TwoFactorAuthenticationTest.php b/tests/Eloquent/TwoFactorAuthenticationTest.php
index 5d73783..8f53704 100644
--- a/tests/Eloquent/TwoFactorAuthenticationTest.php
+++ b/tests/Eloquent/TwoFactorAuthenticationTest.php
@@ -37,28 +37,18 @@ public function test_returns_authenticatable()
         ]);
 
         $user->twoFactorAuth()->save(
-            $tfa = factory(TwoFactorAuthentication::class)->make()
+            $tfa = TwoFactorAuthentication::factory()->make()
         );
 
         $this->assertInstanceOf(MorphTo::class, $tfa->authenticatable());
         $this->assertTrue($user->is($tfa->authenticatable));
     }
 
-    public function test_mutates_base_32_shared_attribute_as_binary()
-    {
-        $tfa = new TwoFactorAuthentication();
-
-        $tfa->shared_secret = 'CCSWDTKINR7YM3TR5LQ6EEVIYY5PZRZ2';
-
-        $attributes = $tfa->getAttributes();
-
-        $this->assertEquals('10a561cd486c7f866e71eae1e212a8c63afcc73a', bin2hex($attributes['shared_secret']));
-    }
 
     public function test_lowercases_algorithm()
     {
-        $tfa = factory(TwoFactorAuthentication::class)
-            ->states('with recovery', 'with safe devices')
+        $tfa = TwoFactorAuthentication::factory()
+            ->withRecovery()->withSafeDevices()
             ->make([
                 'algorithm' => 'AbCdE2',
             ]);
@@ -81,8 +71,8 @@ public function test_is_enabled_and_is_disabled()
 
     public function test_flushes_authentication()
     {
-        $tfa = factory(TwoFactorAuthentication::class)
-            ->states('with recovery', 'with safe devices')
+        $tfa = TwoFactorAuthentication::factory()
+            ->withRecovery()->withSafeDevices()
             ->create([
                 'authenticatable_type' => 'test',
                 'authenticatable_id'   => 9,
@@ -121,7 +111,7 @@ public function test_generates_random_secret()
 
     public function test_makes_code()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => $secret = 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
         ]);
 
@@ -150,7 +140,7 @@ public function test_makes_code()
 
     public function test_makes_code_for_timestamp()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => $secret = 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
         ]);
 
@@ -160,7 +150,7 @@ public function test_makes_code_for_timestamp()
 
     public function test_validate_code()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => $secret = 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'window'        => 0,
         ]);
@@ -179,7 +169,7 @@ public function test_validate_code()
 
     public function test_validate_code_with_window()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => $secret = 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'window'        => 1,
         ]);
@@ -208,17 +198,17 @@ public function test_validate_code_with_window()
 
     public function test_contains_unused_recovery_codes()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make();
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make();
 
         $this->assertTrue($tfa->containsUnusedRecoveryCodes());
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'recovery_codes' => null,
         ]);
 
         $this->assertFalse($tfa->containsUnusedRecoveryCodes());
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'recovery_codes' => collect([
                 [
                     'code'    => '2G5oP36',
@@ -249,7 +239,7 @@ public function test_generates_random_safe_device_remember_token()
 
     public function test_serializes_to_string()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => $secret = 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
         ]);
 
@@ -260,7 +250,7 @@ public function test_serializes_to_string()
 
     public function test_serializes_to_grouped_string()
     {
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
         ]);
 
@@ -271,7 +261,7 @@ public function test_serializes_to_uri()
     {
         config(['laraguard.issuer' => 'quz']);
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'label'         => 'test@foo.com',
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'algorithm'     => 'sHa256',
@@ -287,7 +277,7 @@ public function test_serializes_to_qr_and_renders_to_qr()
     {
         config(['laraguard.issuer' => 'quz']);
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'label'         => 'test@foo.com',
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'algorithm'     => 'sHa256',
@@ -306,7 +296,7 @@ public function test_serializes_to_qr_and_renders_to_qr_with_custom_values()
             'margin' => 10
         ]]);
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'label'         => 'test@foo.com',
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'algorithm'     => 'sHa256',
@@ -321,7 +311,7 @@ public function test_serializes_uri_to_json()
     {
         config(['laraguard.issuer' => 'quz']);
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'label'         => 'test@foo.com',
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'algorithm'     => 'sHa256',
@@ -339,7 +329,7 @@ public function test_changes_issuer()
     {
         config(['laraguard.issuer' => 'foo bar']);
 
-        $tfa = factory(TwoFactorAuthentication::class)->states('with recovery', 'with safe devices')->make([
+        $tfa = TwoFactorAuthentication::factory()->withRecovery()->withSafeDevices()->make([
             'label'         => 'test@foo.com',
             'shared_secret' => 'KS72XBTN5PEBGX2IWBMVW44LXHPAQ7L3',
             'algorithm'     => 'sHa256',
diff --git a/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php b/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php
index a27eefc..2c6a909 100644
--- a/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php
+++ b/tests/Http/Middleware/ConfirmTwoFactorEnabledTest.php
@@ -131,6 +131,28 @@ public function test_bypasses_check_if_below_timeout()
             ->assertViewIs('laraguard::confirm');
     }
 
+    public function test_throttles_totp()
+    {
+        Date::setTestNow($now = Date::create(2020, 04, 01, 20, 20));
+
+        $this->actingAs($this->user);
+
+        $this->followingRedirects()
+            ->get('intended')
+            ->assertViewIs('laraguard::confirm');
+
+        for ($i = 0; $i < 60; $i++) {
+            $this->post('2fa/confirm', [
+                config('laraguard.input') => 'invalid'
+            ])->assertSessionHasErrors();
+        }
+
+        $this->post('2fa/confirm', [
+            config('laraguard.input') => 'invalid'
+        ])->assertStatus(429);
+
+    }
+
     public function test_routes_to_alternate_named_route()
     {
         $this->app['router']->get('intended_to_foo', function () {
@@ -146,4 +168,4 @@ public function test_routes_to_alternate_named_route()
         $this->get('intended_to_foo')
             ->assertRedirect('foo');
     }
-}
\ No newline at end of file
+}
diff --git a/tests/Listeners/ForcesTwoFactorAuthTest.php b/tests/Listeners/ForcesTwoFactorAuthTest.php
index b7555c5..c0cee61 100644
--- a/tests/Listeners/ForcesTwoFactorAuthTest.php
+++ b/tests/Listeners/ForcesTwoFactorAuthTest.php
@@ -213,7 +213,7 @@ public function test_login_request_from_safe_device_with_safe_device_disabled_sh
         ])->assertViewIs('laraguard::auth');
     }
 
-    public function test_login_request_from_safe_devices_with_safe_devices_enabled_saves_device()
+    public function test_login_request_from_safe_devices_with_safe_devices_enabled_doesnt_save_device()
     {
         config(['laraguard.safe_devices.enabled' => true]);
 
@@ -230,7 +230,28 @@ public function test_login_request_from_safe_devices_with_safe_devices_enabled_s
 
         $this->user->refresh();
 
-        $this->assertCount(1, $this->user->twoFactorAuth->safe_devices);
+        $this->assertCount(0, $this->user->twoFactorAuth->safe_devices ?? []);
+    }
+
+    public function test_login_request_from_safe_devices_with_safe_devices_enabled_and_wants_saves_device()
+    {
+        config(['laraguard.safe_devices.enabled' => true]);
+
+        $this->assertNull($this->user->twoFactorAuth->safe_devices);
+
+        $this->post('login', [
+            'email'    => 'foo@test.com',
+            'password' => '12345678',
+            'remember' => 'on',
+            '2fa_code' => $this->user->twoFactorAuth->makeCode(),
+            'safe_device' => 'on'
+        ], [
+            'REMOTE_ADDR' => $ip = $this->faker->ipv4,
+        ])->assertSeeText('authenticated');
+
+        $this->user->refresh();
+
+        $this->assertCount(1, $this->user->twoFactorAuth->safe_devices ?? []);
     }
 
     public function test_login_request_from_save_device_with_save_devices_doesnt_save_and_shows_form()
@@ -302,7 +323,7 @@ public function test_auth_request_receives_no_code_shows_form()
             'password' => '12345678',
             'remember' => 'on',
             '2fa_code' => '',
-        ])->assertViewIs('laraguard::auth')->assertStatus(422);
+        ])->assertViewIs('laraguard::auth')->assertForbidden();
     }
 
     public function test_auth_request_receives_invalid_code_shows_form()
@@ -402,7 +423,42 @@ public function test_auth_request_receives_code_and_doesnt_saves_device()
         $this->assertNull($this->user->twoFactorAuth->safe_devices);
     }
 
-    public function test_auth_requests_receives_code_and_saves_device()
+    public function test_auth_requests_receives_code_and_doesnt_save_device()
+    {
+        config(['laraguard.safe_devices.enabled' => true]);
+
+        Carbon::setTestNow();
+
+        $code = $this->user->twoFactorAuth->makeCode();
+
+        $this->post('login', [
+            'email'    => 'foo@test.com',
+            'password' => '12345678',
+            'remember' => 'on',
+            '2fa_code' => $code,
+        ])->assertSee('authenticated')->assertOk();
+
+        $this->user->refresh();
+
+        $this->assertCount(0, $this->user->twoFactorAuth->safe_devices ?? []);
+
+        $this->app->forgetInstance(TwoFactorListener::class);
+
+        $code = $this->user->generateRecoveryCodes()->first()['code'];
+
+        $this->post('login', [
+            'email'    => 'foo@test.com',
+            'password' => '12345678',
+            'remember' => 'on',
+            '2fa_code' => $code,
+        ])->assertSee('authenticated')->assertOk();
+
+        $this->user->refresh();
+
+        $this->assertNull($this->user->twoFactorAuth->safe_devices);
+    }
+
+    public function test_auth_requests_receives_code_and_saves_devices()
     {
         config(['laraguard.safe_devices.enabled' => true]);
 
@@ -415,11 +471,12 @@ public function test_auth_requests_receives_code_and_saves_device()
             'password' => '12345678',
             'remember' => 'on',
             '2fa_code' => $code,
+            'safe_device' => 'on'
         ])->assertSee('authenticated')->assertOk();
 
         $this->user->refresh();
 
-        $this->assertCount(1, $this->user->twoFactorAuth->safe_devices);
+        $this->assertCount(1, $this->user->twoFactorAuth->safe_devices ?? []);
 
         $this->app->forgetInstance(TwoFactorListener::class);
 
@@ -430,6 +487,7 @@ public function test_auth_requests_receives_code_and_saves_device()
             'password' => '12345678',
             'remember' => 'on',
             '2fa_code' => $code,
+            'safe_device' => 'on'
         ])->assertSee('authenticated')->assertOk();
 
         $this->user->refresh();